Bug 576876 (CVE-2016-2512) - <dev-python/django-{1.8.14,1.9.5}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2016-2512
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B3 [noglsa cve]
Keywords:
Duplicates: 576486 577192
Depends on: CVE-2016-9013, CVE-2016-9014, CVE-2017-7233, CVE-2017-7234
Blocks: CVE-2016-6186
Reported: 2016-03-09 15:30 UTC by Agostino Sarubbo
Modified: 2017-08-24 03:31 UTC

See Also:
Package list:
=dev-python/django-1.8.18 ~amd64 ~x86 =dev-python/django-celery-3.1.17 ~amd64 ~x86
Runtime testing required: ---
stable-bot: sanity-check-


Description Agostino Sarubbo gentoo-dev 2016-03-09 15:30:34 UTC
From ${URL} :


Today the Django team issued 1.9.3 and 1.8.10 as part of our security 
process. These releases address two security issues, and we encourage all
users to upgrade as soon as possible.

Details are available on the Django project weblog:

https://www.djangoproject.com/weblog/2016/mar/01/security-releases/



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Johann Schmitz (ercpe) (RETIRED) gentoo-dev 2016-03-12 06:30:39 UTC
*** Bug 576486 has been marked as a duplicate of this bug. ***
Comment 2 Pacho Ramos gentoo-dev 2016-03-14 16:05:50 UTC
*** Bug 577192 has been marked as a duplicate of this bug. ***
Comment 4 Justin Lecher gentoo-dev 2017-06-03 19:38:30 UTC
commit 6855253051c53fdcb07f62b792218550fa708bf8
Author: Justin Lecher <jlec@gentoo.org>
Date:   Sat Jun 3 20:33:58 2017 +0100

    dev-python/django: Version Bump CVE-201{6-{2512,7401,9013,9014},7-{7233,7234}}

    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=576876
    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=589134
    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=595544
    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=598770
    Package-Manager: Portage-2.3.6, Repoman-2.3.2
    Signed-off-by: Justin Lecher <jlec@gentoo.org>

    https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6855253051c53fdcb07f62b792218550fa708bf8
Comment 5 Justin Lecher gentoo-dev 2017-06-03 19:41:15 UTC
@arches please stabilize

=dev-python/django-1.8.18
Comment 6 Stabilization helper bot gentoo-dev 2017-06-03 20:01:28 UTC
An automated check of this bug failed - the following atom is unknown:

dev-python/django-1.8.18

Please verify the atom list.
Comment 7 Stabilization helper bot gentoo-dev 2017-06-04 07:00:55 UTC
An automated check of this bug failed - repoman reported dependency errors (85 lines truncated): 

> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: RDEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
> dependency.bad dev-python/django-celery/django-celery-3.1.16.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['<=dev-python/django-1.7.11[python_targets_python2_7(-)?,python_targets_python3_4(-)?,-python_single_target_python2_7(-),-python_single_target_python3_4(-)]']
Comment 8 Thomas Deutschmann gentoo-dev Security 2017-06-28 12:59:16 UTC
All done, repository is clean.